Ransomware operators have issued a stunning ultimatum to the Metropolitan Police Department of Washington, DC: Pay them $50 million or leak the identities of confidential informants to street gangs.
Babuk, as the group calls itself, said Monday it had obtained 250GB of sensitive data after hacking into the MPD network. The group’s site on the dark web has posted dozens of images of what appear to be sensitive MPD documents. A screenshot shows a Windows folder titled ‘Disciplinary Files’. Each of the 28 files shown contains a name. Checking four of the names shows that they all belong to MPD officers.
Other images appeared to show names and photos of persons of interest, a screenshot of a folder called Gang Database, reports from the chief, lists of arrests and a document with the name and address of a confidential informant.
“Deflate the informants”
“We recommend that you contact us as soon as possible to prevent leakage,” reads a message on the site. “If no response is received within 3 days, we will contact gangs to pump out the informants.”
In an email, MPD Public Information Officer Hugh Carew wrote: “We are aware of unauthorized access to our server. While we are determining the full impact and continuing to review activity, we have engaged the FBI to fully investigate this matter.” Carew did not answer questions seeking additional details about the breach.
In a videotaped message published Tuesday evening, Metropolitan Police chief Robert J. Contee III said MPD, with the help of local and federal partners, identified and blocked the mechanism that enabled the break-in. He did not provide any new details about the breach or the ongoing investigation into it.
“Our partners are currently in the process of assessing the scope and impact,” he said. “If it is discovered during the review that personal information of our members or others has been compromised, we will follow up on that information.”
The chief then encouraged people to “maintain good cyber hygiene.”
As bad as it gets
The incident underscores the growing brutality of ransomware operators. Where attackers were once satisfied with locking up victims’ data and demanding a ransom in exchange for the key, they eventually introduced a double-extortion model that still charged for the key but also threatened to publish sensitive documents online unless the ransom was paid. In recent weeks, at least one gang has begun contacting victims’ customers and suppliers to warn them that their data could be spilled if the victims fail to pay.
Threatening to identify confidential informants from organized crime groups — as Babuk appears to be doing now — is reaching new lows, said Brett Callow, a threat analyst who tracks ransomware at security firm Emsisoft.
“That’s as bad as it gets,” he told Ars. “Can you imagine the potential for lawsuits if an informant were harmed as a direct result of the breach?”
Babuk is a relatively new ransomware operation that appeared in January. Not much is known about the group other than that it has Russian-speaking team members, and Emsisoft researchers found a serious bug in the group’s decryptor software that caused data loss. The group’s dark web site claims to have breached nearly a dozen other organizations.
Last week, a memo from the US Department of Justice showed the agency convened a new task force to respond to the recent spate of ransomware attacks, particularly on hospitals and other critical US organizations. Acting Deputy Attorney General John Carlin will lead the task force, which consists of agents and prosecutors from the FBI and the Department of Justice.
The leak could pose a threat not only to confidential informants, but also to ongoing investigations. Federal prosecutors dropped narcotics charges against six suspects last year after crucial evidence was destroyed in a ransomware infection.